PATENT 


AMENDMENT TO THE CLAIMS 
Please amend the claims to read as follows:





1. (currently amended) A method of securing a data transaction across a security barrier, the method comprising:

validating a request message encoded in a structured request language against a predefined request message specification therefor;
transmitting the validated request message across the security barrier;
validating a response message encoded in a structured response language against a predefined response message specification therefor, the response message corresponding to the validated request; and
transmitting the validated response message across the security barrier.

2. (original) A method as in claim 1,

wherein the request and response message specifications are predefined in accordance with valid request and response message constraints specific to an information resource.

3. (original) A method as in claim 1,

wherein at least one of the request and response message specifications is cryptographically secured.

4. (original) A method as in claim 1, further comprising:

receiving, at an application proxy, an access request targeting an information resource;
formatting the request message in a structured language corresponding to the request message specification; and
transmitting the formatted request message to a secure data broker for the request message validating.


5. (original) A method as in claim 1, further comprising:

formatting the response message in a structured language corresponding to the response message specification; and
transmitting the formatted response message to a secure data broker for the response message validating.

6. (original) A method as in claim 1, further comprising:

accessing an information resource in accordance with the validated request message; and
preparing the response message in accordance with the access.

7. (original) A method as in claim 6, 

wherein the response message is formatted in a structured language corresponding 
to the response message specification. 

8. (original) A method as in claim 1,

wherein the request message is formatted in a structured language corresponding to the request message specification; and
wherein the response message is formatted in a structured language corresponding to the response message specification.

9. (original) A method as in claim 8,

wherein the structured languages corresponding to the request and response message specifications include an Extensible Markup Language (XML).

10. (original) A method as in claim 1,

wherein the request and the response message validatings are respectively performed at first and second secure data brokers on opposing sides of the security barrier; and
wherein the validated request and response message transmissions are between the first and second secure data brokers.
11. (original) A method as in claim 1, wherein the request message validating includes:

parsing the request message using Data Type Definitions (DTDs) encoding a hierarchy of valid tag-value pairs in accordance with syntax of a valid request message; and
if the request message is not successfully parsed, forwarding a response message without transmission of the request message across the security barrier.


12. (original) A method as in claim 1, wherein the response message validating includes:

parsing the response message using Data Type Definitions (DTDs) encoding a hierarchy of tag-value pairs in accordance with syntax of a valid response message.
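The request-side secure data broker of claims 1, 10 and 11, worked through as an added example; this is editorial illustration, not code from the patent or its applicant. It assumes a constructed request format (a `<request>` element holding `<resource>`, `<operation>` and an optional `<key>`), a constructed specification table that plays the role of the DTD, an assumed size bound on untrusted input, and a `forward` callable standing in for transmission across the security barrier. A request that fails validation is answered locally with a rejection response and is never forwarded, which is the behaviour claim 11 describes.

```python
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Tuple
from xml.sax.saxutils import escape

# Constructed request message specification.  It stands in for the DTD of
# claim 11: a hierarchy of permitted elements, the children each may hold, and
# the values a leaf may carry.  Anything not listed here is invalid.
REQUEST_SPEC: Dict[str, dict] = {
    "request":   {"children": ["resource", "operation", "key"],
                  "required": ["resource", "operation"]},
    "resource":  {"value": str.isidentifier},
    "operation": {"value": lambda v: v in ("read", "list")},
    "key":       {"value": lambda v: v.isdigit() and len(v) <= 10},
}
MAX_REQUEST_BYTES = 4096  # assumed bound; the broker reads untrusted input


def validate_request(raw: bytes) -> List[str]:
    """Return the list of violations; an empty list means the request is valid."""
    if len(raw) > MAX_REQUEST_BYTES:
        return ["request exceeds size limit"]
    try:
        # In production, parse with defusedxml so entity expansion is disabled.
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    if root.tag != "request":
        return [f"unexpected root element <{root.tag}>"]
    errors: List[str] = []
    _check_element(root, errors)
    return errors


def _check_element(elem: ET.Element, errors: List[str]) -> None:
    """Recursively compare one element (and its subtree) against REQUEST_SPEC."""
    spec = REQUEST_SPEC[elem.tag]
    if elem.attrib:
        errors.append(f"<{elem.tag}> carries attributes; none are permitted")
    if "children" in spec:                      # container element
        if (elem.text or "").strip():
            errors.append(f"<{elem.tag}> must not contain text")
        seen = [child.tag for child in elem]
        for tag in dict.fromkeys(seen):         # unique tags, document order
            if tag not in spec["children"]:
                errors.append(f"<{tag}> is not permitted inside <{elem.tag}>")
            elif seen.count(tag) > 1:
                errors.append(f"<{tag}> appears more than once in <{elem.tag}>")
        for tag in spec["required"]:
            if tag not in seen:
                errors.append(f"<{elem.tag}> is missing required <{tag}>")
        for child in elem:
            if child.tag in spec["children"]:
                _check_element(child, errors)
    else:                                        # leaf element
        if len(elem):
            errors.append(f"<{elem.tag}> must not contain child elements")
        value = (elem.text or "").strip()
        if not spec["value"](value):
            errors.append(f"<{elem.tag}> value {value!r} is not acceptable")


def broker_handle(raw: bytes, forward: Callable[[bytes], bytes]) -> Tuple[bool, bytes]:
    """Request-side secure data broker (claims 1, 10 and 11).

    Only a request that passes validation is handed to `forward`, which stands
    in for transmission across the security barrier.  A rejected request is
    answered here and never crosses the barrier.
    """
    errors = validate_request(raw)
    if errors:
        body = "".join(f"<error>{escape(e)}</error>" for e in errors)
        reply = f"<response><status>rejected</status>{body}</response>"
        return False, reply.encode()
    return True, forward(raw)


# Constructed sample traffic for the demonstration.
GOOD_REQUEST = (b"<request><resource>accounts</resource>"
                b"<operation>read</operation><key>42</key></request>")
BAD_REQUESTS = {
    "unknown element": b"<request><resource>accounts</resource>"
                       b"<operation>read</operation><extra>1</extra></request>",
    "bad value":       b"<request><resource>accounts</resource>"
                       b"<operation>delete</operation></request>",
    "attribute":       b'<request><resource href="x">accounts</resource>'
                       b"<operation>read</operation></request>",
    "truncated":       b"<request><resource>accounts",
}


def _resource_side(raw: bytes) -> bytes:
    """Stands in for the second broker and the information resource behind the barrier."""
    return b"<response><status>ok</status></response>"


if __name__ == "__main__":
    for name, msg in [("valid", GOOD_REQUEST), *BAD_REQUESTS.items()]:
        forwarded, reply = broker_handle(msg, _resource_side)
        print(f"{name:16} forwarded={forwarded!s:5} reply={reply.decode()}")
```

The specification is deliberately a closed list: elements, attributes and values not enumerated are rejected rather than passed through, which is what makes a broker of this kind a useful control at a security barrier. The response-side broker of claims 10 and 12 is the mirror image, with a response specification in place of `REQUEST_SPEC`.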

13. (original) A method as in claim 1,

wherein at least one of the validated request message transmitting and the validated response message transmitting is via a secure protocol.


14. (original) A method as in claim 1,

wherein at least one of the validated request message and the validated response message is encoded in a markup language.

15. (original) A method as in claim 1, 
wherein the security barrier includes a firewall. 

16. (original) A method as in claim 1,

wherein the security barrier includes a secure communication channel between servers.


Application No.: 09/357,726

17. (original) In a networked computing environment, a method of securing access to an information resource behind a security barrier, the method comprising:

predefining a request message specification corresponding to a structured request language;
formatting an access request in accordance with the structured request language;
supplying the formatted access request to a first intermediary, the intermediary validating the formatted access request in accordance with the request message specification; and
forwarding the validated access request across the security barrier.


18. (original) A method as in claim 17, further comprising:

accessing the information resource in accordance with the validated access request.

19. (original) A method as in claim 17, further comprising:

receiving, at an application proxy, an access request targeting the information resource; and
performing the access request formatting at the application proxy.

20. (original) A method as in claim 17, further comprising:

predefining a response message specification corresponding to a structured response language;
formatting a response to the access request in accordance with the structured language;
supplying the formatted response to a second intermediary, the second intermediary validating the formatted response in accordance with the response message specification; and
forwarding a validated response across the security barrier.

21. (original) A method as in claim 20, further comprising:

accessing the information resource in accordance with an access request from a client; and
supplying the client with a response in accordance with the validated response.
22. (original) In a networked computing environment, a method of securing access to an information resource behind a security barrier, the method comprising:

predefining a response message specification corresponding to a structured response language;
formatting a response to an access request targeting the information resource, the formatted response being in accordance with the structured response language;
supplying the formatted response to an intermediary, the intermediary validating the formatted response in accordance with the response message specification; and
forwarding a validated response across the security barrier.

23. (original) A method as in claim 22, further comprising:

accessing the information resource in accordance with the access request from a client; and
supplying the client with a response in accordance with the validated response.

24. (currently amended) An information security system comprising:

a security barrier;
a proxy for an information resource, the proxy and the information resource on opposing first and second sides, respectively, of the security barrier;
a data broker on the first side of the security barrier, wherein, in response to an access request targeting the information resource, the data broker validates a request message encoded in a structured request language against a predefined request message specification therefor and forwards only validated request messages across the security barrier.

25. (original) An information security system as in claim 24, further comprising:

a second data broker on the second side of the security barrier, wherein, in response to an access request targeting the information resource, the second data broker validates a response message against a predefined response message specification and forwards only validated response messages across the security barrier.

26. (original) An information security system as in claim 24, further comprising:

the information resource.

27. (original) In a networked information environment including a client and an information resource separated by a security barrier, an information security system comprising:

means for proxying an access request by the client targeting the information resource and for preparing a request message corresponding to the access request in a structured language corresponding to a predefined request message specification;
means for validating the request message against the predefined request message specification and forwarding only validated request messages across the security barrier.

28. (original) An information security system as in claim 27, further comprising:

means for validating a response message against a predefined response message specification and forwarding only validated response messages across the security barrier.


29. (original) An information security system as in claim 27, further comprising: 
the security barrier. 


30. (original) A computer program product encoded in computer readable media, the computer program product comprising:

data broker code and parser code executable on a first network server separated from an information resource by a security barrier;
the data broker code including instructions executable as a first instance thereof to receive access requests in a structured language corresponding to a predefined request message specification and to forward validated ones of the access requests across the security barrier toward the information resource; and
the parser code including instructions executable as a first instance thereof to validate the received access requests against the predefined request message specification.

31. (original) The computer program product of claim 30, further comprising:

an encoding of the predefined request message specification.

32. (original) The computer program product of claim 30,

wherein the data broker code and parser code are also executable on a second network server separated from a client application by the security barrier;
wherein the data broker code includes instructions executable as a second instance thereof to receive responses in a structured language corresponding to a predefined response message specification and to forward validated ones of the responses across the security barrier toward the client application; and
wherein the parser code includes instructions executable as a second instance thereof to validate the received responses against the predefined response message specification.

33. (original) The computer program product of claim 32, further comprising: 
an encoding of the predefined response message specification. 


34. (original) The computer program product of claim 30, further comprising:

application proxy code including instructions executable to format the access requests in accordance with the structured language corresponding to the predefined request message specification.

35. (original) The computer program product of claim 30, encoded by or transmitted in at least one computer readable medium selected from the set of a disk, tape or other magnetic, optical, or electronic storage medium and a network, wireline, wireless or other communications medium.



36. (new) The method of claim 1 wherein the structured request language includes a markup language.

37. (new) The method of claim 36 wherein the markup language includes extensible markup language.


38. (new) The method of claim 17 wherein the structured request language includes a markup language.

39. (new) The method of claim 38 wherein the markup language includes extensible markup language.

40. (new) The information security system of claim 24 wherein the structured 
request language includes a markup language. 


41. (new) The information security system of claim 40 wherein the markup language includes extensible markup language.